First-party fraud ranks among the top three fraud events financial institutions face. But most institutions don't accurately quantify and qualify their risks, says Keir Breitenfeld, senior director of fraud for Experian Decision Analytics.

The primary challenge: defining first-party fraud. "Everybody agrees first-party fraud is big," Breitenfeld says. "The problem is that there are so many different definitions, we have a hard time getting our hands around it."

The textbook definition of first-party fraud refers only to fraud perpetrated through the opening of new accounts with no intention of repayment. But in a new report, "First-Party Fraud - Trends, Challenges and Outlook," Experian says financial institutions should broaden their perspective.

Experian estimates first-party fraud accounts for at least 25 percent of total consumer credit charge-offs in the United States. TowerGroup supports that estimate, claiming that between 5 percent and 35 percent of card issuers' total bad-debt write-offs result from first-party fraud and/or credit abuse.

Based on those figures and internal findings, Experian claims first-party fraud results in annual losses that top tens of billions of dollars.

'Isolate and Segment' First-Party Fraud

Banks and credit unions rely too heavily on credit scores for the categorization of first-party fraud. "Financial institutions don't have a good handle on first-party fraud," Breitenfeld says. That's why the report's findings are based on various credit-reporting facts, rather than survey opinions offered by card-issuing institutions.

"We did not think conducting a survey would offer much insight," he says. "Instead, we based it on our own observations and opinion, as a credit-reporting bureau."

An overreliance on credit scores highlights why institutions need different analytics to review bad debt. "We're not trying to redefine the world," Breitenfeld says. "We're just trying to add some clarity."

Experian expands first-party fraud to include:

Synthetic identity: The creation of a fictitious identity that's used to access credit or other financial services. Synthetic identity also can comprise altering a true name or the use of a legitimate but stolen Social Security number.

Bust-out: After building good credit history, the perpetrator opens several new accounts and suddenly stops making payments on the various accounts.

Straight-roller: An account that becomes delinquent and never shows attempt to make a payment.

Never pay: A form of straight-roller that becomes delinquent within the first two months of opening the account.

That more inclusive view of first-party fraud is supported by analytics, Experian says.

"First-party fraud, whether originating from individual actors or more organized crime syndicates, is quite difficult to detect via traditional application screening and account management processes," the new report states. "The difficulty arises from the fact that the identities either are legitimate or appear legitimate."

To catch fraud early, institutions need to integrate binary rules and basic identity verification with predictive and targeted analytics. "You don't wait for it to be in the collections queue," Breitenfeld says. "By that time, the losses will be too great."

First-party fraud often involves a combination of events, but fraud managers don't see overall losses because first-party fraud is classified as a charge-off or credit loss.

"The [regulatory] compliance definition of first-party fraud requires that the fraud involve bad payments," Breitenfeld says. "But we think many accounts that are first-party fraud don't have bad payments. ... Operationally, it's important for institutions to not rely solely on the regulatory definition of first-party fraud, or they risk missing a lot."

Scoring each part of an account's and an accountholder's lifecycle is key. "Scoring has to be tailored," Breitenfeld says. "We have to do that, too, because we are working with so many different entities. Everyone is trying to get this to a centralized process. We will get there, but for now it's challenging."

About the Author

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;